From a1b3664ec40f13fbeaeeaf8f6dbe4646d2d54638 Mon Sep 17 00:00:00 2001
From: Pierrick Caillon
Date: Mon, 30 May 2016 23:59:08 +0200
Subject: [PATCH] Fix: mysql_user - permission string with column privileges
MySQL returns privileges on columns as "PRIVILEGES (column)". For permissions to be correctly matched, it must be specified exactly the same in the module argument. A resulting string is like "dbname.dbtable:PRIVILEGES (column)". Thus, the space before the opening parenthesis must also be removed when creating the set of privileges for validation.
---
 lib/ansible/modules/database/mysql/mysql_user.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/ansible/modules/database/mysql/mysql_user.py b/lib/ansible/modules/database/mysql/mysql_user.py
index f4db31162b7..a2699d71674 100644
--- a/lib/ansible/modules/database/mysql/mysql_user.py
+++ b/lib/ansible/modules/database/mysql/mysql_user.py
@@ -62,7 +62,15 @@ options:
 version_added: "2.1"
 priv:
 description:
- - "MySQL privileges string in the format: C(db.table:priv1,priv2)"
+ - "MySQL privileges string in the format: C(db.table:priv1,priv2)."
+ - "Multiple privileges can be specified by separating each one using
+ a forward slash: C(db.table:priv/db.table:priv)."
+ - The format is based on MySQL C(GRANT) statement.
+ - Database and table names can be quoted, MySQL-style.
+ - If column privileges are used, the C(priv1,priv2) part must be
+ exactly as returned by a C(SHOW GRANT) statement. If not followed,
+ the module will always report changes. It includes grouping columns
+ by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
 required: false
 default: null
 append_privs: 
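Review bot: The example `C(SELECT(col1,col2))` in the new `priv` description is written without the space that, per the commit message, MySQL prints before the parenthesis (`PRIVILEGES (column)`), so a reader who copies it does not get the "exactly as returned" form that the same paragraph requires. The statement is also called `SHOW GRANTS`, not `SHOW GRANT`. I would change the wording to `exactly as returned by a C(SHOW GRANTS) statement` and write the example as `C(SELECT (col1, col2))`, after checking the spacing inside the column list against real server output.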
@@ -474,7 +482,7 @@ def privileges_unpack(priv, mode):
 if '(' in pieces[1]:
 output[pieces[0]] = re.split(r',\s*(?=[^)]*(?:\(|$))', pieces[1].upper())
 for i in output[pieces[0]]:
- privs.append(re.sub(r'\(.*\)','',i))
+ privs.append(re.sub(r'\s*\(.*\)','',i))
 else:
 output[pieces[0]] = pieces[1].upper().split(',')
 privs = output[pieces[0]]
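Review bot: The name appended to `privs` can still carry stray whitespace, because the new `\s*\(.*\)` removes only the space in front of the parenthesis while `re.split` keeps whatever precedes a comma. An entry such as `SELECT (col1) ,INSERT` leaves `SELECT ` with a trailing space, which presumably fails the validity check that sits outside this hunk. I would write `privs.append(re.sub(r'\s*\(.*\)', '', i).strip())` and add a comment such as `# SHOW GRANTS prints column privileges as "PRIV (col)"; validate only the privilege name`. Note that `output[pieces[0]]` still stores the caller's own spacing (upper-cased), so an unchanged result depends on the caller matching the server's formatting, and the column list stripped here is not covered by this validation. privileges_unpack begins and ends outside the hunk.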